package com.jt.auth.config;

import lombok.AllArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
@AllArgsConstructor
@Configuration
@EnableAuthorizationServer
public class Oauth2Config extends AuthorizationServerConfigurerAdapter {

    //@Autowired
    private BCryptPasswordEncoder passwordEncoder;

    //@Autowired
    private AuthenticationManager authenticationManager;

    //@Autowired
    private TokenStore tokenStore;

   // @Autowired
    private JwtAccessTokenConverter jwtAccessTokenConverter;
    /**
     * 用户需要携带什么信息到认证服务器
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                //定义客户端标识(客户端到认证地址认证时,携带这个信息)
                .withClient("gateway-client")
                //定义客户端携带的密钥
                .secret(passwordEncoder.encode("123456"))
                //定义认证的类型
                .authorizedGrantTypes("password","refresh_token")
                //所有的符合条件都允许
                .scopes("all");
    }



    /**
     * 定义认证的地址
     *
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {

        security//oauth/token
                .tokenKeyAccess("permitAll()")
                //oauth/check_token
                .checkTokenAccess("permitAll()")
                //运行表单认证的方式
                .allowFormAuthenticationForClients();
    }


    /**
     * 定义认证的对象,认证成功之后发送令牌.
     * @param
     * @throws Exception
     */

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        //定义认证对象
        endpoints.authenticationManager(authenticationManager)
                    //定义令牌服务(默认的不满足需求)
                    .tokenServices(tokenServices());
    }

    @Bean
    public AuthorizationServerTokenServices tokenServices(){
        //1.构建令牌服务对象
        DefaultTokenServices tokenServices=new DefaultTokenServices();
        //2.设置令牌创建及存储(JDBC Redis JWT memory)
        tokenServices.setTokenStore(tokenStore);
        //3.设置令牌增强(默认是UUID)
        tokenServices.setTokenEnhancer(jwtAccessTokenConverter);
        //4.设置刷新令牌
        tokenServices.setSupportRefreshToken(true);
        //5.设置刷新令牌有效期
        tokenServices.setAccessTokenValiditySeconds(3600);
        tokenServices.setRefreshTokenValiditySeconds(5400);

        return tokenServices;
    }



}
